Table of Contents
Phone Setup for Technicians
This is mainly an Android phone setup for technicians. Actually, we use tablets to allow our techs to perform work without being required to locate a server.
One very important URL you should know is https://accounts.google.com; this is where you can manage the google account used by your Android device.
Some of our information is sensitive; for example, simply the name/configuration of a VPN connection is actually data that is relatively sensitive. As such, we completely disable all synchronization to Google servers, prefering to use OwnCloud for out data storage needs. This allows shared contacts, calendars and files on our own server.
Gather Information
You will need the following information before starting this process. If anything is not applicable, just ignore it.
- Your Google account information
- your company may use a shared account for all Android devices, or you may share the one with your cell phone. Decide which account you will use, or if you need to make a new one.
- Google Username:
- Google Password:
- Your Owncloud account information
- URL to Owncloud:
- SSL? (does the URL start with https):
- Owncloud Username:
- Owncloud Password:
- Your Jabber server for chat
- URL to Chat Server (Connect Server)
- URL to File Server (if applicable)
- Connection Port (default 5222)
- Username
- Password
- Domain on Chat Server
- OpenVPN Certificate and Configuration
- For IPFire, download the OpenVPN Client Package and unzip it.
- For other firewalls, download as needed. Most installations have two files, a configuration (.conf, .ovpn, etc…) file and a P12 (.p12) file. You need both.
- E-Mail Server information
- Incoming IMAP Server
- URL of server
- Username on Server
- Password on Server
- Outgoing (SMTP) Server
- Following may be the same as Incoming Server
- URL of server
- Username on Server
- Password on Server
- Addresses for any remote VNC connections you might need
- Addresses for any remote RDP connections you might need.
Setup outline
- Set up phone and attach it to your Google account
- Start phone and make network connection
- Set a PIN and put the PIN in here
- Open https://accounts.google.com and log in with your username and password
- Connect phone to your account.
- Turn off sync for Google apps on your Android
- Go into Settings | Account
- Click on Google
- Uncheck all apps (turn off sync for all apps)
- Set up Android Device Manager to manage your device
- Click “Set up Lock and Erase”, and follow the instructions to allow your device to be locked or erased remotely (if you lose it)
- Install following software from the Android Store. Note some of the apps have a small fee, and some are supported by advertisement.
- CardDav-Sync by Marten Gajda
- CalDav-Sync by Marten Gajda
- OpenTasks by Marten Gajda
- OpenVPN Connect by OpenVPN
- ownCloud by ownCloud
- K-9 Mail by K-9 Dog Walkers
- ES File Explorer File Manager by ES Global
- OpenDocument Reader by Thomas Taschauer
- Android Device Manager by Google
- yaxim XMPP/Jabber Client by Georg Lukas
- WiFi Analyzer by VREM Software Development
- Microsoft Remote by Microsoft
- VNC Viewer by RealVNC Limited
- Terminal Emulator for Android by Jack Palevich
- ConnectBot by Kenny Root, Jeff Sharkey, Tome Wuff, Paul Evans
Detailed Information
Following is step by step information for setting up the applications you have installed.
CardDav
CardDAV allows you to synchronize your contact list from your Owncloud server to your Android device. It is similar to Google Contact Sync, and can either replace it fully or co-exist with it. These instructions are for replacing Google Contact Synchronization.
- You need your Owncloud username, password, and the URL of the server you use Owncloud.
- Open CardDav Sync on your Android.
- Create a new account
- Account Type is CardDav
- On the next screen, enter the server name and path (up to the word remote). Do not enter the https. If you are at https://owncloud.example.com/oc/remote/yada/yada, enter owncloud.example.com/oc.
- If you are using https (your server name starts with https), put a check in the Use SSL
- Enter your username and password
- Click the Next button
- Choose all the contacts you want to have sync'd by putting a check in the box
- Click the Next button
- Change the name of the account if you desire
- If you want to only copy the information from the server to your Android, put a check in the “Sync from server to phone only”. That means no changes you make on the Android will go back to the server.
- Click the Finish button
- Click the Done button and exit app
- Open your Contacts app (not normally visible)
- Go into Configuration
- Go into Accounts to Display
- Choose Customize
- Open your Owncloud accounts and select all entries
- Open your Google account and uncheck all entries
CalDav Sync
CardDAV allows you to synchronize your calendars from your Owncloud server to your Android device. It is similar to Google Calendar Sync, and can either replace it fully or co-exist with it. These instructions are for replacing Google Calendar Synchronization.
It also works with OpenTasks for task management.
- You need your Owncloud username, password, and the URL of the server you use Owncloud.
- Open CalDAV Sync on your Android.
- Create a new account
- Account Type is CalDAV
- On the next screen, enter the server name and path (up to the word remote). Do not enter the https. If you are at https://owncloud.example.com/oc/remote/yada/yada, enter owncloud.example.com/oc.
- If you are using https (your server name starts with https), put a check in the Use SSL
- Enter your username and password
- Click the Next button
- Choose all the calendars you want to have sync'd by putting a check in the box
- Click the Next button
- Change the name of the account if you desire
- If you want to only copy the information from the server to your Android, put a check in the “Sync from server to phone only”. That means no changes you make on the Android will go back to the server.
- Click the Done button and exit
- Open the Calendar application on your Android
- Go to Settings
- Turn off gmail accounts for display/sync
- Ensure all of your Owncloud accounts are enabled
OpenTasks
No instructions yet, edit similar to CalDav. The synchronization is actually done via CalDAV.
ownCloud
Owncloud allows files to be downloaded from your Owncloud server. These files can remain on your Android even after you have viewed them. Take necessary security precautions when using this app.
I do not have installation instructions for this right now, but it basically uses the same format as CalDAV and CardDAV.
Be sure to set an extra pin for access, secure your Android, and have Remote Erase available.
K-9 Mail
K-9 Mail Reader is arguably the best mail reader available for Android. We use it as a complete replacement for Google's mail app.
- Open K9
- Click Next at the welcome screen and set up a new account
- Enter email address and password. K-9 will attempt to determine the correct settings for your account
- Click Next
- Choose account type (generally IMAP)
- Verify incoming mail server information. Generally, K-9 guesses your username wrong if you are on a shared server that requires the full e-mail address, so correct that if necessary.
- Click Next
- Verify settings for outgoing mail server. These are generally correct.
- Click Next
- Edit preferences.
- “Push” mail is useful for devices with an always on network connection, and it is low power usage. However, for devices sporadically connected, it might be better to turn this off.
- If you turn off Push, change Folder poll frequency to how often to check for mail.
- If Push is off and poll frequency is “never”, you will only check mail when you tell it to refresh manually.
- Click Next
- Enter account name and your name
- Click Done
- Set Downloads Directory
- Go into Settings | Miscellaneous
- Change the Save Attachments. By default, K-9 puts all attachments in the root of your sdcard. I like them to be in the Download directory.
ES File Explorer
There is no setup for this, and it likes to try to second guess what you want. But, you can do an SMB connection to your workstation to get files from it, so that is good.
OpenDocument Reader
The first time you open an ODF formatted file, you are asked if you want to use this app for that. I say “yes, and remember”. It allows you to view ODF files, and even do some light editing.
Android Device Manager
Having this attached to your device allows you to locate your device, and also do a remote lock and/or erase of it. Definitely a security enhancements (though, it means Google is Watching You!!)
yaxim
Though this is pretty unstable, it appears to be the best XMPP chat program available for Android.
- Open Yaxim
- Enter your username@domain from your xmpp server. The domain may have nothing to do with your actual domain name; it is the domain the xmpp server responds to
- Enter your password
- Click the Advanced button below
- Change the “Resource” to indicate which device this is (optional)
- Change Custom Server to reflect the server name of your XMPP server
- Push the back button on your android
- on the blank screen, select the three dots in the upper left and choose “Connect”
I generally leave this off unless I need to find someone. As I said, it is buggy, and may give you some error messages, but it will work in a fix.
WiFi Analyzer
This is a well thought out app that allows some basic troubleshooting of WiFI. I chose it over others since it is Open Source and does not contain ads.
Remote Connections
One of the biggest things an Android tablet can help with is making a remote connection. We use OpenVPN, then add several apps to allow connections through SSH, VNC and RDP.
OpenVPN
For OpenVPN users, this is a long awaited app. The OpenVPN group has built this, and the project is supported through non-intrusive advertisement. It will allow you to make a secure connection to any OpenVPN server. If you have VPN access to your workplace, adding this and a good VNC, RDP and SSH app will allow you to get some emergency work done if necessary.
- You must somehow get your OpenVPN configuration and p12 key on your Android.Some firewalls compress the two files into a “package” by compressing them. These files can be extracted using ES File Explorer. Read the article moving_files_to_an_android if you need help getting the files onto your Android.
- Start OpenVPN Connect
- Import the configuration (Profile) file
- Open Menu, choose Import | Import Profile from SD card to import a configuration file
- Find the file (.ovpn) and click Select button
- Repeat until all your profiles
- Import the P12 (PKS12) files
- Open Menu, choose Import | Import Profile from SD card to import a configuration file
- Find the file (.p12) and click Select button
- Enter your certificate's password so the app can extract the cert
- Click Ok
- Enter some good name for the certificate, like “office” or “noc” or something
- Click Ok
- Repeat until all your profiles
- Connect to your Profile for the first time.
- If you have more than one profile, make sure the one you want is selected
- Click “Connect” button
- Select the certificate you will use (from the certs you named earlier)
- Select Allow
- You should now be connected. You can test this, or disconnect
Note: you can exit the OpenVPN Connect app and it will stay in the background, so you can do your work over the network. When you are done, always go back into OpenVPN Connect and disconnect.
This procedure removes one level of protection from your OpenVPN; it imports the certificate without a password. Because of this, OpenVPN Connect will not work if you do not have some tablet locking mechanism.
Additionally, if your android is ever lost or stolen, immediately disable the OpenVPN connection on your server and implement a remote Phone Wipe through the Android Device Manager.
ConnectBot
ConnectBot is a basic SSH client which also allows port forwarding and public key authentication. It also supports telnet and local connections
You can define multiple profiles which appear in a list when you connect.
- If you have one or more public keys, get them onto your Android similar to the way we did with the OpenVPN keys.
- Select the Menu Manage Pub Keys
- Select the Menu again and choose Import
- A list of public keys will be displayed for you to choose from
- Create a new connection
- Enter a new connection as username@hostname:port and press enter
- The first time you will be asked if you want to accept the remote source's key. Select “Yes”
- You will be asked for your password.
- Do not worry if you do not make the connection, you can now edit it. If you are still connected, exit the connection.
- Long press the connection and select “Edit” from the menu to change anything you like, such as the session name.
Terminal Emulator
You can actually do everything in ConnectBot that you would do here. I include it for people who do not use ConnectBot
Remote Desktop Client
This is Microsoft's RDP client. It does a pretty good job of connecting, though the the mouse is a little funky. If you can get a bluetooth mouse or use an OTC cable to connect a wired mouse, that is helpful.
Click the plus sign in the upper left corner and select Desktop. The app will attempt to detect RDP server and, if it does, you can select one or choose Add Manually.
The options are pretty familiar to anyone who has used an RDP connection in the past, so I will not go into detail. Just put in the IP address or DNS hostname, and username if you desire, then click Save. An icon will appear on your screen that you can then select to make a connection.
VNC Viewer
This is not my favorite app, but it does the job as well or better than anything else I've found. VNC is always weird anyway.
This app definitely needs a mouse. Using the touchscreen makes life very difficult.
To add a connection, click the plus sign in the lower right corner and fill in the connection information, then click Create.
To open a session, touch the appropriate screen image on your tablet. If you want to edit a session, touch/click the “i”.
There is no screen auto-resizing (which is normal for VNC), but you can use the pinch gesture to make screen larger or smaller.